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Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in this 
application. Added text is indicated by underlining, and deleted text is indicated by 
strikethrough . Changes are identified by a vertical bar at the left edge of text. 

Listing of Claims: 

1-14. (canceled). 

1 15. (currently amended) An access control management method according to 

2 claim 4-0-32 wherein , at said requesting acquioition of first information for identifying an e xternal 

3 apparatus from said e xternal apparatus, a MAC address is obtained from said host computer 

4 external apparatus by adoption of a protocol based on an iSCSI text mode negotiation. 



16-22. (canceled) 

1 23. (new) A storage system for processing a command transmitted by a host 

2 computer connected to a storage apparatus of the storage system by a network, said storage 

3 system comprising: 

4 a storage unit for storing data to be processed in accordance with said command; 

5 a memory for holding an access management table for storing first information on 

6 identification of said host computer; 

7 means for receiving an iSCSI login request transmitted from the host computer; 

8 means for determining a first determination whether or not a source address 

9 included in an IP header of the iSCSI login request is an IP address in the same segment as a port 

10 of the storage apparatus; 

1 1 means for obtaining a MAC address assigned to the port of the host computer 

1 2 when the source address included in the IP header is not an IP address in the same network as the 

1 3 port of the storage apparatus as a result of the first determination; 
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1 4 means for determining a second determination whether or not the MAC address 

1 5 has been cataloged in an access management table that defines the MAC addresses identifying 

16 the host computer; 

1 7 means for approving an access by said iSCSI login request from the host 

1 8 computer to the storage apparatus when the MAC address has been cataloged in the access 

1 9 management table as a result of the second determination; 

20 means for determining a third determination whether or not a logical unit (LU) 

2 1 specified by the command has been cataloged in the access management table as the LU 

22 associated with the source IP address of a frame including the command; 

23 means for performing said second determination and said third determination in 

24 accordance with a source MAC address in the frame of iSCSI login request sent from said host 

25 computer and said access management table when the source IP address of the iSCSI login 

26 request is in the same segment as the port of its storage apparatus according to said first 

27 determination; and 

28 means for accessing the LU to process the command when said LU has been 

29 cataloged in the access management table as a result of the third determination. 

1 24. (new) A storage system according to claim 23, wherein a command is 

2 given to a SNMP manager that transmits a request to the host computer to acquire an MIB for the 

3 source IP address included in the iSCSI login request to obtaining the MAC address. 

1 25. (new) A storage system according to claim 23, wherein a MAC address is 

2 obtained from said host computer by adoption of a protocol based on an iSCSI text mode 

3 negotiation. 

1 26. (new) A storage system according to claim 23, further comprising: 

2 a control memory for recording log data that the iSCSI login request has been 

3 made from a port of another network when the source address included in the IP header were not 
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4 the IP address in the same network as the port of the storage apparatus according to said the first 

5 determination means. 

1 27. (new) A storage system according to claim 24, further comprising: 

2 means for determining whether or not a predetermined time has lapsed without a 

3 response received from the host computer, wherein said second determination is performed if the 

4 storage apparatus receives an SNMP response to a SNMP request to the host computer without 

5 causing a timeout. 

1 28. (new) A storage system according to claim 23, further comprising, 

2 a control memory for recording log data indicating that the access from said host 

3 computer has not been approved therein, 

4 wherein processing of the command is not carried out if the requested access is 

5 determined to be a disallowed access to the LU by the third determination means. 

1 29. (new) An access control management method for processing a command 

2 comprising an access request transmitted by a host computer to a storage apparatus by way of a 

3 network, said access control management method comprising the steps of: 

4 receiving an iSCSI login request transmitted from the host computer; 

5 determining a first determination as to whether or not a source address included in 

6 an IP header of the iSCSI login request is an IP address in the same segment as a port of the 

7 storage apparatus; 

8 obtaining a MAC address assigned to the port of the host computer when the 

9 source address included in the IP header is not an IP address in the same network as the port of 

1 0 the storage apparatus as a result of the first determination; 

1 1 determining a second determination as to whether or not the MAC address has 

1 2 been cataloged in an access management table that defines the MAC addresses identifying the 

1 3 host computer; 



Page 4 of 12 



Appl. No. 10/765,289 PATENT 



Amdt. dated November 29, 2007 
Amendment under 37 CFR 1.116 Expedited Procedure 
Examining Group 2135 

14 approving an access by said iSCSI login request from the host computer to the 

1 5 storage apparatus when the MAC address has been cataloged in the access management table as 

1 6 a result of said second determination; 

1 7 determining a third determination as to whether or not a logical unit (LU) 

1 8 specified by the command has been cataloged in the access management table as the LU 

1 9 associated with the source IP address of a frame including the command; 

20 performing said second determination and said third determination in accordance 

2 1 with a source MAC address in the frame of iSCSI login request sent from said host computer and 

22 said access management table when the source IP address of the iSCSI login request is in the 

23 same segment as the port of its storage apparatus according to said first determination; and 

24 accessing to the LU to process the command when said LU has been cataloged in 

25 the access management tables as a result of the third determination. 

1 30. (new) An access control management method according to claim 29, 

2 wherein a command is given to a SNMP manager that transmits a request to the host computer to 

3 acquire an MIB for the source IP address included in the iSCSI login request to obtaining the 

4 MAC address. 

1 31. (new) An access control management method according to claim 29, 

2 wherein log data that the iSCSI login request has been made from a port of another network is 

3 recorded in a control memory if the source address included in the IP header were not the IP 

4 address in the same network as the port of the storage apparatus according to said the first 

5 determination. 

1 32. (new) An access control management method according to claim 30, 

2 further comprising: 

3 determining whether or not a predetermined time has lapsed without a response 

4 received from the host computer, wherein said second determination is performed if the storage 
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5 apparatus receives an SNMP response to a SNMP request to the host computer without causing a 

6 timeout. 

1 33. (new) An access control management method according to claim 29, 

2 wherein log data indicating that the access from said host computer has not been approved is 

3 recorded in a control memory and processing of the command is not carried out if the requested 

4 access is determined to be a disallowed access to the LU on the third determination. 
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